Enabling Kerberos authentication and RPC encryption

You must already have a secure Cloudera Manager cluster with Kerberos authentication enabled.

  1. In Cloudera Manager, navigate to Kudu > Configuration.
  2. In the Search field, type Kerberos to show the relevant properties.
  3. Find and edit the following properties according to your cluster configuration:
    Field Usage Notes
    Kerberos Principal Set to the default principal, kudu. Currently, Kudu does not support configuring a custom service principal for Kudu processes.
    Enable Secure Authentication And Encryption Select this checkbox to enable authentication and RPC encryption between all Kudu clients and servers, as well as between individual servers. Only enable this property after you have configured Kerberos.

    If this is not selected, security is not enforced but secured clients are not rejected either and the connection will be encrypted if both sides support it.

  4. Click Save Changes.
    An error message displayed that tells you the Kudu keytab is missing.
  5. Navigate to Administration > Security.
  6. Select the Kerberos Credentials tab.

    On this page you will see a list of the existing Kerberos principals for services running on the cluster.

  7. Click Generate Missing Credentials
    Once the Generate Missing Credentials command has finished running, you will see the Kudu principal added to the list.